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DETAILED ACTION 

1. A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 
1.17(e) has been timely paid, the finality of the previous Office action has been 
withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on September 04, 
2007 has been entered. 

2. The applicant canceled claims 11, 13, 23-34 and 40. 

3. Claims 1-4, 12, 14-16, 35-36, 38-39 and 41-49 have been examined and are pending. 

Claim Rejections - 35 USC §103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the 
differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability 
shall not be negatived by the manner in which the invention was made. 

5. Claims 1-4, 12, 14-16, 35-36, 38-39 and 41-49 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Ting (US Pat. No. 2002/0174344) in view of Michener et al. (hereinafter 
referred to as Michener, US Pat. No. 7, 028, 191). 

As per claim 1 : 

Ting discloses a computer-implemented method for enhancing the security of informational 
interactions with a biometric device, comprising: 
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pre-establishing an encryption relationship between a computing device and the biometric device 
(0013); 

a session packet, and transmitting it to the biometric device wherein a session packet comprises 
generating a session number and storing it in the session packet (0025; 0029-31); and 

receiving a biometric information packet, decrypting it, and making a determination, as to 
whether or not to utilize a collection of biometric data contained in the decrypted 
biometric information packet, wherein making a determination comprises comparing a 
session number received with or a part of the biometric information packet to the record 
of the session number (0010; 0035; 0036). 

Ting discloses does not explicitly teach encrypting the generated session packet and 
maintaining a record of the session number. Michener, in an analogous art, however teaches 
encrypting the generated session packet and maintaining a record of the session number (column 
4: lines 55-67; column 5: lines 40-67; figure 5a, 5b; column 7: lines 15-60). Therefore, it would 
have been obvious to a person having ordinary skill in the art at the time the invention was 
made to modify the method disclosed by Ting to include encrypting the generated session 
packet and maintaining a record of the session number. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated by the 
desire a personal protection of electronic data that is small, easy to use, provides excellent 
protection to the PC/laptop use, that can operate in conjunction with corresponding devices at a 
central data gathering point to provide near real time validation of the information as suggested 
by Michener (in column 2: lines 55-62). 
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As per claim 2: 

Ting discloses a method, the consecutive order of pr-establishing, generating, 
maintaining, encrypting, and receiving (0030; 0036; 0039). 

As per claim 3: 

Michener discloses a method, further comprising storing the session number in a database 
associated with the computing device (Column 4: lines 52-65; Each TAD 10 is provided with a 
unique alphanumeric ID (TADID_A) and a unique and well-protected binary ID (TADID_B), 
each of which are stored in memory 26. Column 10: lines 1-25; figure 13: Table Lookup; data 
structure). 

As per claim 4: 

Michener discloses a method, wherein generating a session packet comprises obtaining a 
session key and storing it in the session packet (column 7: lines 10-30; column 9: lines 1-30). 

As per claim 5: 

Michener discloses a method, further comprising storing the session key in a database 
associated with the computer (Column 10: lines 1-25; figure 13: Table Lookup; data structure). 



As per claim 6: 
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Michener discloses a method, wherein receiving a biometric information packet and 
decrypting it comprises receiving a biometric information packet and decrypting it with an 
encryption key that is complimentarily related to the session key (figure 10: 104, 1008, 1010; 
column 13: 54-65; column 15: lines 5-10, lines 16-23). 

As per claim 7: 

Michener discloses a method, wherein obtaining a session key comprises generating a 
public key portion of a PKI key pair (column 17: lines 5-11). 

As per claim 8: 

Michener discloses a method, wherein receiving a biometric information packet and 
decrypting it comprises receiving a biometric information packet and decrypting it with a private 
key portion of the PKI key pair (column 17: lines 5-11). 

As per claim 9: 

Michener discloses a method, wherein receiving a biometric information packet and 
decrypting it comprises receiving a biometric information packet and decrypting it with an 
encryption component that is independent of the pre-established encryption relationship (figure 
17). 



As per claim 10: 
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Michener discloses a method, wherein generating a session packet comprises generating a 
session time stamp and storing it in the session packet (figure 13). 

As pr claim 12: 

Michener discloses a method, further comprising storing the session number, the session 
key and a session time stamp in a database associated with the computer (figure 17). 

As per claim 14: 

Michener discloses a method, wherein making a determination comprises evaluating a 
session time stamp to determine whether the biometric information packet was received within a 
predetermined time period (column 2: lines 55-60; figure 17). 

As per claim 15: 

Michener discloses a method, wherein making a determination comprises comparing a . 
data representation of a user's biometric information to at least one data representation of 
biometric information stored in a database (column 5: lines 20-40). 

As per claim 16: 

Michener discloses a method, wherein making a determination comprises: comparing a 
session number to a list of valid values (column 9: lines 5-35); evaluating a session time stamp to 
determine whether the biometric information packet was received within a predetermined time 
period (column 2: lines 55-60; figure 17); and comparing a database representation of a user's 
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biometric information to at least one data representation of biometric information stored in a 
database (figure 17; column 9: lines 5-35; column 5: lines 20-40). 

As per claim 17: 

Michener discloses a method, wherein pre-establishing an encryption relationship 
comprises storing a first encryption component with the computing device and a second 
encryption component with the biometric device, one of the first and second encryption 
components being configured to decrypt information that has previously been encrypted utilizing 
the other of the first and second encryption components (figure 8: 802-808; figure 10: 1002- 
1012; abstract). 

AS per claim 18: 

Michener discloses a method, wherein encrypting the session packet comprises 
encrypting the session packet utilizing one of the first and second encryption components (figure 
10: 1002-1022; abstract). 

As per claim 19: 

Michener discloses a method, wherein pre-establishing an encryption relationship 
comprises storing a first part of a PKI key pair with the computing device and a second part of 
the PKI key pair with the biometric device (figure 10: 1002-1022; abstract). 



As per claim 20: 
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Michener discloses a method, wherein encrypting the session packet comprises 
encrypting the session packet utilizing one of the first and second parts of the PKI key pair 
(figure 10: 1002-1022; abstract). 

As per claim 21: 

Michener discloses a method, wherein pre-establishing an encryption relationship 
comprises storing a first part of a static encryption key pair with the computing and a second part 
of the static encryption key pair with the biometric device, one of the first and second parts being 
configured to decrypt information that has previously been encrypted utilizing the other part 
(figure 10: 1002-1022; abstract). 

As per claim 22: 

Michener discloses a method, wherein encrypting the session packet comprises 
encrypting the session packet utilizing one of the first and second parts of the static encryption 
key pair (figure 10: 1002-1022; abstract). 

As per claim 35: 

Ting discloses a computer readable medium having instructions stored thereon which, 
when executed by a computing device, cause the computing device to perform a series of steps 
comprising: 

receiving a session initiation command (0025; 0029-31); 
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transmitting the encrypted session packet to a biometric device; a session packet comprises 
obtaining a session key and storing it in the session packet (0025; 0029-3 1); 

receiving a biometric information packet from the biometric device (0025); 

decrypting the biometric information packet, wherein decrypting the biometric information 
packet comprises decrypting it with an encryption key that is complementary related to 
the session key (0010; 0035; 0036); and 

determining, based on a content of a collection of authentication information contained in the 
decrypted biometric information packet, whether or not to utilize a collection of 
biometric data contained in the decrypted biometric information packet (0010; 0035; 
0036). 

Ting discloses does not explicitly teach encrypting the generated session packet and 
maintaining a record of the session number. Michener, in an analogous art, however teaches 
encrypting the generated session packet and maintaining a record of the session number (column 
4: lines 55-67; column 5: lines 40-67; figure 5a, 5b; column 7: lines 15-60). Therefore, it would 
have been obvious to a person having ordinary skill in the art at the time the invention was 
made to modify the method disclosed by Ting to include encrypting the generated session 
packet and maintaining a record of the session number. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated by the 
desire a personal protection of electronic data that is small, easy to use, provides excellent 
protection to the PC/laptop use, that can operate in conjunction with corresponding devices at a 
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central data gathering point to provide near real time validation of the information as suggested 
by Michener (in column 2: lines 55-62). 

As per claim 36: 

Michener discloses a computer readable medium, wherein generating a session packet 
comprises generating a session number and storing it in the session packet (column 9: lines 5- 
40; Session-Random Number). 

As per claim 37: 

Michener discloses a computer readable medium, further comprising the step of storing 
the session number in a database associated with the computing device (Column 10: lines 1-25; 
figure 13: Table Lookup; data structure). 

As per claim 38: 

Michener discloses a computer readable medium, wherein the consecutive order of pr- 
establishing, generating, maintaining, encrypting, and receiving (0030; 0036; 0039). 

As per claim 39: 

Michener discloses a computer readable medium, further comprising the step of storing 
the session key in a database associated with the computer (Column 10: lines 1-25; figure 13: 
Table Lookup; data structure). . 
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As per claim 41: 

Michener discloses a computer readable medium, wherein obtaining a session key 
comprises generating a public key portion of a PKI key pair (column 17: lines 5-11). 

As per claim 42: 

Michener discloses a computer readable medium, wherein decrypting the biometric 
information packet with an encryption key that is complementary related to the session key 
comprises decrypting the biometric information packet with a private key portion of the PKI key 
pair (column 17: lines 5-11). 

As per claim 43: 

Michener discloses a computer readable medium, wherein generating a session packet 
comprises generating a session time stamp and storing it in the session packet (figure 13). 

As per claim 44: 

Michener discloses a computer readable medium, wherein determining comprises 
comparing a session number to a list of valid values (column 9: lines 5-35). 

As per claim 45: 

Michener discloses a computer readable medium, wherein determining comprises 
evaluating a session time stamp to determine whether the biometric information packet was 
received within a predetermined time period (column 2: lines 15-60; figure 17). 
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As per claim 46: 

Michener discloses a computer readable medium, wherein encrypting the session packet 
comprises encryption the session packet with a first encryption component that is 
complimentarily related to a second encryption component maintained on the biometric device, 
one of the first and second encryption components being configured to decrypt information that 
has previously been encrypted utilizing the other of the first and second encryption components 
(figure 8: 802-808; figure 10: 1002-1012; abstract). 

As per claim 47: 

Michener discloses a computer readable medium, wherein the first and second encryption 
components are a PKI key pair (figure 10: 1002-1022; abstract). 

As per claim 48: 

Michener discloses a computer readable medium, wherein the first and second encryption 
components are a static encryption key pair (figure 10: 1002-1022; abstract). 

As per claim 49: 

Ting discloses a computer-implemented method for enhancing the security of informational 
interactions with a biometric device, comprising: 

pre-establishing an encryption relationship between a computing device and the biometric device 
(0013); 
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a session packet, and transmitting it to the biometric device wherein a session packet comprises 
generating a session number and storing it in the session packet (0025; 0029-31); and 

receiving a biometric information packet, decrypting it, and making a determination, as to 
whether or not to utilize a collection of biometric data contained in the decrypted 
biometric information packet, wherein making a determination comprises comparing a 
session number received with or a part of the biometric information packet to the record 
of the session number (0010; 0035; 0036). . 

Ting discloses does not explicitly teach encrypting the generated session packet. 
Michener, in an analogous art, however teaches encrypting the generated session packet 
(column 4: lines 55-67; column 5: lines 40-67; figure 5a, 5b; column 7: lines 15-60). Therefore, 
it would have been obvious to a person having ordinary skill in the art at the time the invention 
was made to modify the method disclosed by Ting to include encrypting the generated session 
packet. This modification would have been obvious because a person having ordinary skill in 
the art would have been motivated by the desire a personal protection of electronic data that is 
small, easy to use, provides excellent protection to the PC/laptop use, that can operate in 
conjunction with corresponding devices at a central data gathering point to provide near real 
time validation of the information as suggested by Michener (in column 2: lines 55-62). 

Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. See the notice of reference cited in form PTO-892 for additional prior art. 
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Contact Information 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Techane J. Gergiso whose telephone number is (571) 272-3784 
and fax number is :(5,71)'273-3.784. The examiner can normally be reached on 9:00am - 6:00pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the organization 
where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Techane Gergiso 
Patent Examiner 
Art Unit 2137 
November 16, 2007 




